X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fadmin.php;h=c98c5bc04a44596ab860990710416e1c9d21a5ab;hb=f74509fbb4f06820dc3d028e3ffd2145f151b013;hp=3c0cb27d859bbac3653e08f1e1bd96fce314d8ff;hpb=438b7a0c2a1b5c04ea3222fc3871a96882992eb5;p=platal.git
diff --git a/modules/admin.php b/modules/admin.php
index 3c0cb27..c98c5bc 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -47,6 +47,7 @@ class AdminModule extends PLModule
 'admin/ipwatch' => $this->make_hook('ipwatch', AUTH_MDP, 'admin'),
 'admin/icons' => $this->make_hook('icons', AUTH_MDP, 'admin'),
 'admin/accounts' => $this->make_hook('accounts', AUTH_MDP, 'admin'),
+ 'admin/account/watch' => $this->make_hook('account_watch', AUTH_MDP, 'admin'),
 'admin/account/types' => $this->make_hook('account_types', AUTH_MDP, 'admin'),
 'admin/jobs' => $this->make_hook('jobs', AUTH_MDP, 'admin'),
 );
@@ -381,7 +382,7 @@ class AdminModule extends PLModule
 $user = User::get($login);
 }
 if (empty($user)) {
- return;
+ pl_redirect('admin/accounts');
 }
 $login = $user->login();
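Review bot: The `+ pl_redirect('admin/accounts');` line drops the failed-lookup feedback: an admin who submits an unknown login now lands on the accounts list with no indication of why. If page messages survive a redirect in this framework, a `$page->trigError(...)` naming the failed lookup before the redirect would make the outcome visible. The enclosing handler starts and continues outside the hunk, so an earlier message may already cover this.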
@@ -408,29 +409,47 @@ class AdminModule extends PLModule
 }
 }
+ // Handles account deletion.
+ if (Post::has('account_deletion_confirmation')) {
+ $uid = $user->id();
+ $name = $user->fullName();
+ $user->profile()->clear();
+ $user->clear(true);
+ $page->trigSuccess("L'utilisateur $name ($uid) a bien été supprimé.");
+ }
+
 // Account Form {{{
 $to_update = array();
 if (Post::has('disable_weak_access')) {
 $to_update['weak_password'] = null;
 } else if (Post::has('update_account')) {
- if (Post::s('full_name') != $user->fullName()) {
- // XXX: Update profile if a profile is associated
- $to_update['full_name'] = Post::s('full_name');
- }
- if (Post::s('display_name') != $user->displayName()) {
- // XXX: Update profile if a profile is associated
- $to_update['display_name'] = Post::s('display_name');
+ if (!$user->hasProfile()) {
+ if (Post::s('full_name') != $user->fullName()) {
+ $to_update['full_name'] = Post::s('full_name');
+ }
+ if (Post::s('display_name') != $user->displayName()) {
+ $to_update['display_name'] = Post::s('display_name');
+ }
+ if (Post::s('directory_name') != $user->directoryName()) {
+ $to_update['directory_name'] = Post::s('directory_name');
+ }
 }
 if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
 $to_update['sex'] = Post::s('sex');
+ if ($user->hasProfile()) {
+ XDB::execute('UPDATE profiles
+ SET sex = {?}
+ WHERE pid = {?}',
+ Post::s('sex'), $user->profile()->id());
+ }
 }
- if (!Post::blank('hashpass')) {
- $to_update['password'] = Post::s('hashpass');
- // TODO: Propagate the password update to GoogleApps, when required. Eg:
- // $account = new GoogleAppsAccount($user);
- // if ($account->active() && $account->sync_password) {
- // $account->set_password($pass_encrypted);
- // }
+ if (!Post::blank('pwhash')) {
+ $to_update['password'] = Post::s('pwhash');
+ require_once 'googleapps.inc.php';
+ $account = new GoogleAppsAccount($user);
+ if ($account->active() && $account->sync_password) {
+ $account->set_password(Post::s('pwhash'));
+ }
 }
 if (!Post::blank('weak_password')) {
 $to_update['weak_password'] = Post::s('weak_password');
@@ -462,17 +481,43 @@ class AdminModule extends PLModule
 }
 }
 if (!empty($to_update)) {
- // TODO: fetch the initial values of the fields, and eventually send
- // a summary of the changes to an admin.
+ $res = XDB::query('SELECT *
+ FROM accounts
+ WHERE uid = {?}', $user->id());
+ $oldValues = $res->fetchAllAssoc();
+ $oldValues = $oldValues[0];
+ $set = array();
+ $diff = array();
 foreach ($to_update as $k => $value) {
- $set[] = XDB::format($k . ' = {?}', $value);
+ $value = XDB::format('{?}', $value);
+ $set[] = $k . ' = ' . $value;
+ $diff[$k] = array($oldValues[$k], trim($value, "'"));
+ unset($oldValues[$k]);
 }
 XDB::execute('UPDATE accounts
- SET ' . implode(', ', $set) . '
+ SET ' . implode(', ', $set) . '
 WHERE uid = ' . XDB::format('{?}', $user->id()));
 $page->trigSuccess('Données du compte mise à jour avec succès');
 $user = User::getWithUID($user->id());
+
+ /* Formats the $diff and send it to the site administrators. The rules are the folowing:
+ * -formats: password, token, weak_password
+ */
+ foreach (array('password', 'token', 'weak_password') as $key) {
+ if (isset($diff[$key])) {
+ $diff[$key] = array('old value', 'new value');
+ } else {
+ $oldValues[$key] = 'old value';
+ }
+ }
+
+ $mail = new PlMailer('admin/useredit.mail.tpl');
+ $mail->assign('admin', S::user()->hruid);
+ $mail->assign('hruid', $user->hruid);
+ $mail->assign('diff', $diff);
+ $mail->assign('oldValues', $oldValues);
+ $mail->send();
 }
 // }}}
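Review bot: The deletion block added at the top of the `@@ -408` hunk (`if (Post::has('account_deletion_confirmation'))`) calls `$user->profile()->clear()` unconditionally, while the same hunk guards every other profile access with `$user->hasProfile()`; an account without a profile would presumably fail here, so guard it the same way: `if ($user->hasProfile()) { $user->profile()->clear(); }`. After `$user->clear(true)` the handler keeps running into the account-form code below with the cleared `$user`, so end the branch with `pl_redirect('admin/accounts');` after the success message. No `S::assert_xsrf_token()` is visible in the hunk for this destructive POST; the enclosing handler starts outside the hunk, so confirm the token is checked before this point, as the new `handler_accounts` later in this diff does for its own POST.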
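Review bot: The `SELECT *` added in the `@@ -462` hunk mails every column of the `accounts` row to the administrators via `admin/useredit.mail.tpl`, and only `password`, `token` and `weak_password` are masked by the later loop; any other secret or personal column in that table goes out in clear, and a column added later will too. Select the columns the mail actually needs, or build `$oldValues` from an explicit allow-list, rather than masking a fixed deny-list. The comment above the masking loop is also misleading — it announces rules and `-formats:` but the loop masks values; `// Mask secrets in the diff and in the remaining old values before mailing them.` says what it does. `$oldValues[0]` is read without checking that the query returned a row; unlikely to be empty right after the update, but an explicit check is cheap.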
@@ -605,6 +650,7 @@ class AdminModule extends PLModule
 $page->addJsLink('jquery.ui.core.js');
 $page->addJsLink('jquery.ui.tabs.js');
+ $page->addJsLink('password.js');
 // Displays last login and last host information.
 $res = XDB::query("SELECT start, host
@@ -639,6 +685,7 @@ class AdminModule extends PLModule
 }
 $page->assign('user', $user);
+ $page->assign('hasProfile', $user->hasProfile());
 // Displays forum bans.
 $res = XDB::query("SELECT write_perm, read_perm, comment
@@ -742,7 +789,8 @@ class AdminModule extends PLModule
 if ($infos = self::formatNewUser($page, $line, $separator, $promotion, 6)) {
 $sex = self::formatSex($page, $infos[3], $line);
 if (!is_null($sex)) {
- $name = $infos[1] . ' ' . $infos[0];
+ $fullName = $infos[1] . ' ' . $infos[0];
+ $directoryName = $infos[0] . ' ' . $infos[1];
 $birthDate = self::formatBirthDate($infos[2]);
 $xorgId = Profile::getXorgId($infos[4]);
 if (is_null($xorgId)) {
@@ -763,13 +811,13 @@ class AdminModule extends PLModule
 XDB::execute('INSERT INTO profile_display (pid, yourself, public_name, private_name, directory_name, short_name, sort_name, promo)
 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',
- $pid, $infos[1], $name, $name, $name, $name, $infos[0] . ' ' . $infos[1], $promo);
+ $pid, $infos[1], $fullName, $fullName, $directoryName, $fullName, $directoryName, $promo);
 XDB::execute('INSERT INTO profile_education (pid, eduid, degreeid, entry_year, grad_year, flags)
 VALUES ({?}, {?}, {?}, {?}, {?}, {?})',
 $pid, $eduSchools[Profile::EDU_X], $degreeid, $entry_year, $grad_year, 'primary');
- XDB::execute('INSERT INTO accounts (hruid, type, is_admin, state, full_name, display_name, sex)
+ XDB::execute('INSERT INTO accounts (hruid, type, is_admin, state, full_name, directory_name, display_name, sex)
 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})',
- $infos['hrid'], $type, 0, 'active', $name, $infos[1], $sex);
+ $infos['hrid'], $type, 0, 'active', $fullName, $directoryName, $infos[1], $sex);
 $uid = XDB::insertId();
 XDB::execute('INSERT INTO account_profiles (uid, pid, perms)
 VALUES ({?}, {?}, {?})',
@@ -784,9 +832,11 @@ class AdminModule extends PLModule
 if ($infos = self::formatNewUser($page, $line, $separator, $type, 4)) {
 $sex = self::formatSex($page, $infos[3], $line);
 if (!is_null($sex)) {
- XDB::execute('INSERT INTO accounts (hruid, type, is_admin, state, email, full_name, display_name, sex)
+ $fullName = $infos[1] . ' ' . $infos[0];
+ $directoryName = $infos[0] . ' ' . $infos[1];
+ XDB::execute('INSERT INTO accounts (hruid, type, is_admin, state, email, full_name, directory_name, display_name, sex)
 VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',
- $infos['hrid'], $type, 0, 'active', $infos[2], $infos[1] . ' ' . $infos[0], $infos[1], $sex);
+ $infos['hrid'], $type, 0, 'active', $infos[2], $fullName, $directoryName, $infos[1], $sex);
 $newAccounts[$infos['hrid']] = $infos[1] . ' ' . $infos[0];
 }
 }
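Review bot: Both `INSERT INTO accounts` statements rewritten on this line now list one column more than their `VALUES` clause provides: in the `@@ -763` hunk the column list has eight names (`... full_name, directory_name, display_name, sex`) but the unchanged context line still has seven `{?}` while the new argument line passes eight values, and in the `@@ -784` hunk the list has nine names against eight placeholders and nine arguments. As written each INSERT should fail with a column-count mismatch, so the two `VALUES` context lines need one more `{?}` each: `VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',` for the first and `VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',` for the second. The `$fullName`/`$directoryName` pair is computed the same way here, in the `@@ -742` hunk and again in `handler_accounts`; a small private helper would keep the three in step.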
@@ -910,15 +960,19 @@ class AdminModule extends PLModule
 WHERE pd.promo = {?}', $promo);
 while (list($pid, $name, $death) = $res->next()) {
 $val = Env::v('death_' . $pid);
- if($val == $death || empty($val)) {
+ if ($val == $death) {
 continue;
 }
+ if (empty($val)) {
+ $val = null;
+ }
 XDB::execute('UPDATE profiles
 SET deathdate = {?}, deathdate_rec = NOW()
 WHERE pid = {?}', $val, $pid);
- $page->trigSuccess('Ajout du décès de ' . $name . ' le ' . $val . '.');
- if($death == '0000-00-00' || empty($death)) {
+
+ $page->trigSuccess('Édition du décès de ' . $name . ' (' . ($val ? $val : 'ressuscité') . ').');
+ if ($val && ($death == '0000-00-00' || empty($death))) {
 $profile = Profile::get($pid);
 $profile->clear();
 $profile->owner()->clear(false);
@@ -931,7 +985,7 @@ class AdminModule extends PLModule
 INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
 WHERE pd.promo = {?}
 ORDER BY pd.sort_name', $promo);
- $page->assign('decedes', $res);
+ $page->assign('profileList', $res);
 }
 function handler_dead_but_active(&$page)
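Review bot: In the `@@ -910` hunk, `$val = Env::v('death_' . $pid)` reaches `UPDATE profiles SET deathdate = {?}` with no shape check, so a typo or free-form string is handed to the database and the outcome depends on how the column treats an invalid date, while the success message still reports it as a set date. Validate before the update — e.g. `if ($val && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $val)) { $page->trigError('Date invalide pour ' . $name); continue; }` — so only a well-formed date (or an empty value meaning "clear") is written. The `$val == $death` comparison is loose; with two strings that is harmless, but `===` would state the intent, and the loop's enclosing handler starts outside the hunk.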
@@ -1087,7 +1141,41 @@ class AdminModule extends PLModule
 $table_editor->apply($page, $action, $id);
 }
- function handler_account_types(&$page, $action = 'list', $id = null)
+ function handler_accounts(PlPage $page)
+ {
+ $page->changeTpl('admin/accounts.tpl');
+ $page->setTitle('Administration - Comptes');
+ $page->addJsLink('password.js');
+
+ if (Post::has('create_account')) {
+ S::assert_xsrf_token();
+ $firstname = Post::t('firstname');
+ $lastname = strtoupper(Post::t('lastname'));
+ $sex = Post::b('sex') ? User::GENDER_FEMALE : User::GENDER_FEMALE;
+ $email = Post::t('email');
+ $login = PlUser::makeHrid($firstname, $lastname, 'ax');
+ if (!isvalid_email($email)) {
+ $page->trigError("Invalid email address: $email");
+ } else if (strlen(Post::s('pwhash')) != 40) {
+ $page->trigError("Invalid password hash");
+ } else {
+ $full_name = $firstname . ' ' . $lastname;
+ $directory_name = $lastname . ' ' . $firstname;
+ XDB::execute("INSERT INTO accounts (hruid, type, state, password,
+ registration_date, email, full_name,
+ display_name, sex, directory_name)
+ VALUES ({?}, 'ax', 'active', {?}, NOW(), {?}, {?}, {?}, {?}, {?})",
+ $login, Post::s('pwhash'), $email, $full_name, $full_name, $sex,
+ $directory_name);
+ }
+ }
+
+ $uf = new UserFilter(new UFC_AccountType('ax'));
+ $page->assign('users', $uf->iterUsers(new PlLimit(10)));
+
+ }
+
+ function handler_account_types(&$page, $action = 'list', $id = null)
 {
 $page->setTitle('Administration - Types de comptes');
 $page->assign('title', 'Gestion des types de comptes');
@@ -1101,7 +1189,7 @@ class AdminModule extends PLModule
 {
 if (S::hasAuthToken()) {
 $page->setRssLink('Changement Récents',
- '/Site/AllRecentChanges?action=rss&user=' . S::v('hruid') . '&hash=' . S::v('token'));
+ '/Site/AllRecentChanges?action=rss&user=' . S::v('hruid') . '&hash=' . S::user()->token);
 }
 // update wiki perms
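Review bot: In the new `handler_accounts`, `$sex = Post::b('sex') ? User::GENDER_FEMALE : User::GENDER_FEMALE;` yields the same constant on both branches, so every account created through this form is recorded as female whatever the checkbox says; the false branch presumably wants the male counterpart of that constant. The check `strlen(Post::s('pwhash')) != 40` accepts any 40-character string; since `password.js` is loaded to hash on the client, adding `ctype_xdigit(Post::s('pwhash'))` to the condition would reject non-hash input before it is stored in `password`. The INSERT's result is not checked and no success message is emitted, so a duplicate `hruid` from `PlUser::makeHrid` or any other failure is invisible to the admin. `trigError("Invalid email address: $email")` echoes the raw submission back, which is only safe if `trigError` escapes for HTML — not visible here. The signature `handler_accounts(PlPage $page)` also departs from the `&$page` form every neighbouring handler in this file uses.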
@@ -1290,7 +1378,7 @@ class AdminModule extends PLModule
 $page->assign('icons', $icons);
 }
- function handler_accounts(&$page)
+ function handler_account_watch(&$page)
 {
 $page->changeTpl('admin/accounts.tpl');
 $page->assign('disabled', XDB::iterator('SELECT a.hruid, FIND_IN_SET(\'watch\', a.flags) AS watch,
@@ -1325,34 +1413,29 @@ class AdminModule extends PLModule
 }
 if (Env::has('edit')) {
- // TODO: use address and phone classes to update profile_job_enum and profile_phones once they are done.
+ // TODO: use address class to update profile_job_enum once it is done.
 S::assert_xsrf_token();
 $selectedJob = Env::has('selectedJob');
- XDB::execute("DELETE FROM profile_phones
- WHERE pid = {?} AND link_type = 'hq'",
- $id);
+ Phone::deletePhones(0, Phone::LINK_COMPANY, $id);
 XDB::execute("DELETE FROM profile_addresses
 WHERE jobid = {?} AND type = 'hq'",
 $id);
- XDB::execute('DELETE FROM profile_job_enum
- WHERE id = {?}',
- $id);
 if (Env::has('change')) {
 XDB::execute('UPDATE profile_job
 SET jobid = {?}
 WHERE jobid = {?}',
 Env::i('newJobId'), $id);
+ XDB::execute('DELETE FROM profile_job_enum
+ WHERE id = {?}',
+ $id);
 $page->trigSuccess("L'entreprise a bien été remplacée.");
 } else {
- require_once 'profil.func.inc.php';
 require_once 'geocoding.inc.php';
- $display_tel = format_display_number(Env::v('tel'), $error_tel);
- $display_fax = format_display_number(Env::v('fax'), $error_fax);
 $gmapsGeocoder = new GMapsGeocoder();
 $address = array('text' => Env::v('address'));
 $address = $gmapsGeocoder->getGeocodedAddress($address);
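Review bot: The renamed `handler_account_watch` in the `@@ -1290` hunk still calls `$page->changeTpl('admin/accounts.tpl')`, the same template the new `handler_accounts` earlier in this diff renders with a different variable set (`disabled` here, `users` there); unless that template handles both cases, one of the two pages renders with its variables missing, and given the new hook is `admin/account/watch` this handler probably needs its own template. Only the first lines of the renamed function are in the hunk, so its later assignments are not visible. In the `@@ -1325` hunk below, the `DELETE FROM profile_job_enum` moved into the `change` branch, so the `else` branch no longer removes the row before whatever the rest of that branch (outside the hunk) writes; worth confirming that the remaining code updates rather than re-inserts the enum row.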
@@ -1367,12 +1450,12 @@ class AdminModule extends PLModule
 Env::t('name'), Env::t('acronym'), Env::t('url'), Env::t('email'), Env::t('NAF_code'), Env::i('AX_code'), Env::i('holdingId'), $id);
- XDB::execute("INSERT INTO profile_phones (pid, link_type, link_id, tel_id, tel_type,
- search_tel, display_tel, pub)
- VALUES ({?}, 'hq', 0, 0, 'fixed', {?}, {?}, 'public'),
- ({?}, 'hq', 0, 1, 'fax', {?}, {?}, 'public')",
- $id, format_phone_number(Env::v('tel')), $display_tel,
- $id, format_phone_number(Env::v('fax')), $display_fax);
+ $phone = new Phone(array('display' => Env::v('tel'), 'link_id' => $id, 'id' => 0, 'type' => 'fixed',
+ 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
+ $fax = new Phone(array('display' => Env::v('fax'), 'link_id' => $id, 'id' => 1, 'type' => 'fax',
+ 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
+ $phone->save();
+ $fax->save();
 XDB::execute("INSERT INTO profile_addresses (jobid, type, id, accuracy, text, postalText, postalCode, localityId,